 <?php
include 'connect.php';
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
	echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
	$username=$_POST['username'];
	$password=$_POST['password'];
	$password1=md5(md5($password));
		/* so, the form has been posted, we'll process the data in three steps:
			1.	Check the data
			2.	Let the user refill the wrong fields (if necessary)
			3.	Varify if the data is correct and return the correct response
		*/
		$errors = array(); /* declare the array for later use */
		
		if(!isset($_POST['username']))
		{
			$errors[] = 'The username field must not be empty.';
		}
		
		if(!isset($_POST['password']))
		{
			$errors[] = 'The password field must not be empty.';
		}
		
		if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
		{
			echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
			echo '<ul>';
			foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
			{
				echo '<li>' . $value . '</li>'; /* this generates a nice error list */
			}
			echo '</ul>';
		}
		else
		{
			//the form has been posted without errors, so save it
			//notice the use of mysql_real_escape_string, keep everything safe!
			//also notice the sha1 function which hashes the password
			$sql = "SELECT * FROM `temp_users` WHERE `user_name`='$username'AND `user_pass`='$password1'";
						
			$result = mysql_query($sql);
			if(!$result)
			{
				//something went wrong, display the error
				echo 'Something went wrong while signing in. Please try again later.';
				//echo mysql_error(); //debugging purposes, uncomment when needed
			}
			else
			{
				//the query was successfully executed, there are 2 possibilities
				//1. the query returned data, the user can be signed in
				//2. the query returned an empty result set, the credentials were wrong
				if(mysql_num_rows($result) == 0)
				{
					echo 'You have supplied a wrong user/password combination. Please try again.';
					header("Location:signinn.php");
					exit;
				}
				else
				{
					//set the $_SESSION['signed_in'] variable to TRUE
					$data1=$_SESSION['signed_in'] = true;
					
					//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
					while($row = mysql_fetch_assoc($result))
					{
						$data2=$_SESSION['user_id'] 	= $row['user_id'];
						$_SESSION['user_name'] 	= $row['user_name'];
						$_SESSION['user_type'] = $row['user_type'];
					}
					$sql1="UPDATE `temp_users` SET `user_active`=1 WHERE `user_id`=$data2";
					$result1=mysql_query($sql1);
					include 'close_connect.php';
					
					echo 'Welcome, ' . $_SESSION['user_name'] . '';
					
					
					header("Location:home.php?$data1,$data2,$result1");
					exit;
				}
			}
		}
	}


?>